FIM ScriptBox Item

Summary

On occasion, you'll need to remove a large number of users from the FIM portal who DO NOT have a value in a given attribute (the value is NULL).  In the example below we identify users who DO NOT have an EmployeeID, and then send them to an array for deletion.  Before the deletion is executed, a small safety check is done to ensure the built-in sync account, default "administrator" account and the "Mike Crowley" account is omitted from the job.

Some scripts might use the DeleteObject function, however this approach opens and closes a connection for each object, which takes much longer than the below approach.

Script Code

001
002
003
004
005
006
007
008
009
010
011
012
013
014
015
016
017
018
019
020
021
022
023
024
025
026
027
028
029
030
031
032
033
034
035
036
037
038
039
040
041
042
043
044
045
046
047
048
049
050
051
052
Add-PSSnapin fimautomation

####################
#Find an account to save (in addition to admin and sync account, which are hard-coded below)
$MikeCrowley = export-fimconfig `
    –onlyBaseResources `
    -customconfig "/Person[DisplayName= 'Mike Crowley']"
####################

####################
#Find all users with a null (absent) EmployeeID (Case sensitive!)
$PersonsWithNullEmployeeID = export-fimconfig `
    –onlyBaseResources `
    -customconfig "/Person[ObjectID != /Person[EmployeeID != '&Invalid&'] ]"
####################

####################
#These 3 guids will be spared (which may or may not be on the list anyway):
$ADMINGUID = "urn:uuid:7fb2b853-24f0-4498-9534-4e10589723c4"
$SYNCGUID = "urn:uuid:fb89aefa-5ea1-47f1-8890-abe7797d6497"
$MikeCrowleyGUID = $MikeCrowley.ResourceManagementObject.ObjectIdentifier
####################

####################
#Remove the 3 spared accounts from the list of deletions
$UsersToDelete = $PersonsWithNullEmployeeID.ResourceManagementObject | ? {
    ($_.ObjectIdentifier -ne $ADMINGUID) -and 
    ($_.ObjectIdentifier -ne $SYNCGUID) -and 
    ($_.ObjectIdentifier -ne $MikeCrowleyGUID)
    }
####################

####################
#Create all the (deletion) import objects
$AllImportObjects = @()
$UsersToDelete | % {
    $importObject = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportObject
        $importObject.ObjectType = 'Person'
        $importObject.TargetObjectIdentifier = $_.ObjectIdentifier
        $importObject.SourceObjectIdentifier = $_.ObjectIdentifier
        $importObject.State = 2 
    $AllImportObjects += $importObject
    }
####################

####################
#Send all the deletion objects to the Import-FIMConfig cmdlet
    #$AllImportObjects[0..1] | Import-FIMConfig # (Test with 2)
$AllImportObjects | Import-FIMConfig 
####################

#End

note Note
To provide feedback about this article, create a post on the FIM TechNet Forum.
For more FIM related Windows PowerShell scripts, see the  FIM ScriptBox




See Also